Legal

Privacy Policy

Last updated: July 5, 2026

This Privacy Policy explains what information Canflow ("we", "us") collects, how we use and share it, and the choices you have. It applies to canflow.app, boards.canflow.app, and related services (the "Service").

01 Information we collect

Information you provide

Information collected automatically

Information from integrations

If you sign in with Google, we receive your name, email, and profile picture from Google. If you connect AI agents (e.g. Claude Code or Codex) via MCP, those agents access the board data you authorize.

02 How we use information

We do not sell your personal information.

03 Service providers (subprocessors)

We rely on trusted third parties to run the Service. Each processes data only as needed to provide their function:

ProviderPurpose
VercelApplication hosting & delivery
NeonDatabase & authentication
StripeSubscription billing & payments
ResendTransactional email delivery
GoogleOptional sign‑in (OAuth)
AI agent providers (e.g. Anthropic, OpenAI)Only when you connect an agent to your boards

04 How we share information

We share information only: with the service providers above; with collaborators, testers, or agents you invite; as part of content you choose to make public (e.g. a public roadmap); when required by law or to protect rights and safety; or in connection with a business transfer (e.g. merger or acquisition), subject to this Policy.

05 Data retention

We keep your information for as long as your account is active or as needed to provide the Service. When you delete content or your account, we delete or anonymize the associated data within a reasonable period, except where we must retain it to comply with legal obligations, resolve disputes, or enforce our agreements. Backups may persist for a limited time before being overwritten.

06 Security

We use industry‑standard measures to protect your data, including encryption in transit (HTTPS), hashed passwords and verification codes, and access controls. No method of transmission or storage is 100% secure, but we work to protect your information and to notify you of material breaches where required by law.

07 Your rights

Depending on where you live (for example, under GDPR or CCPA), you may have the right to access, correct, export, or delete your personal information, and to object to or restrict certain processing. You can update most details in your account settings, or contact us at support@canflow.app to exercise these rights. We will not discriminate against you for exercising them.

08 Cookies

We use cookies and local storage that are essential to run the Service - primarily to keep you signed in and to remember preferences such as your selected theme. We do not use third‑party advertising cookies. You can control cookies through your browser settings, though disabling essential cookies may prevent you from signing in.

09 International transfers

Our providers may process and store data in countries other than yours. Where we transfer personal data internationally, we rely on appropriate safeguards as required by applicable law.

10 Children

The Service is not intended for children under 16, and we do not knowingly collect personal information from them. If you believe a child has provided us information, contact us and we will delete it.

11 Changes to this Policy

We may update this Policy from time to time. When we do, we will revise the "Last updated" date above and, for material changes, provide additional notice where appropriate.

12 Contact

Questions or requests about your privacy? Email support@canflow.app.

This document is a general starting template and not legal advice. Confirm the subprocessor list matches your actual stack and have it reviewed by a qualified lawyer before your public launch.